Bỏ qua

Data Obfuscation

Warning

The current page still doesn't have a translation for this language.

But you can help translating it: Contributing.

Data obfuscation protects sensitive values while preserving data utility for testing.

This guide uses a hybrid approach:

  • Build anonymization-oriented models from database metadata in Database View.
  • Refine and extend masking behavior in DATAMIMIC DSL models.
Demo Project Anonymization
Masking demo project in the Editor with DSL-based obfuscation rules

Steps

  1. Open the Demo Store and clone Basic Masking
  2. The Demo Store is available via the DATAMIMIC icon and provides multiple demos and use cases.

  3. Basic Masking is a concept showcase that demonstrates the core obfuscation workflow.

  4. Setup Environments

  5. Ensure both environments are available:
  6. sourceDB: database read source.
  7. targetDB: write target for obfuscated records.

  8. For details, see Environments.

  9. Create a baseline anonymization model in Database View (optional but recommended)

  10. Use Create Anonymize to generate a first baseline model from metadata.

  11. Keep this step lightweight for the demo flow; use Auto-Generate Model from Database for the full step-by-step process.

  12. Refine masking behavior in 2_generate

  13. Use the generated model as baseline.

  14. Adjust scripts and converters in DSL for business-specific masking behavior.

Variant 1: Database Record Obfuscation

This variant retrieves records from the CUSTOMER table of source and updates the name column. All other columns remain unchanged. The name column is obfuscated by appending _mask. The obfuscated data is written to target.

1
2
3
<generate name="CUSTOMER" source="source" type="CUSTOMER" target="target">
    <key name="name" script="name+'_mask'" />
</generate>

Variant 2: Database Record Obfuscation with Converter

In Variant 2, built-in converters anonymize existing column values (full_name, email, tc_creation_src).

1
2
3
4
5
6
7
<generate source="source" name="USER" target="target">
    <key name="full_name" script="full_name + '_mask'" />
    <!-- Use the default mask converter to mask into '*' (default char) -->
    <key name="email" script="email" converter="Mask" />
    <!-- Optionally pass a character you prefer to the Mask converter -->
    <key name="tc_creation_src" converter="Mask('!')" script="tc_creation_src" />
</generate>

Variant 3: CSV File Obfuscation with Multiple Approaches

This variant obfuscates person records from a CSV file and writes a new output file named ObfuscateCSV.csv.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
<generate name="ObfuscateCSV" type="ObfuscateCSV" source="data/persons.ent.csv" target="CSV">
    <variable name="addr" entity="Address" />
    <!-- Cut the length of string from the start -->
    <key name="familyName" script="familyName" converter="CutLength(3)" />
    <key name="givenName" script="givenName" converter="Mask" />
    <key name="alias" script="alias" converter="Append('_demo')" />
    <key name="street" script="addr.street" />
    <key name="city" script="addr.city" />
    <key name="country" constant="US" />
    <key name="accountNo" script="accountNo" converter="Hash('sha256', 'hex')" />
    <key name="ssn" script="ssn" converter="MiddleMask(2,3)" />
    <key name="creditCardNo" script="creditCardNo" converter="Hash('sha1', 'base64')" />
    <key name="secret1" script="secret1" converter="Hash('md5', 'hex')" />
    <key name="secret2" script="secret2" converter="Hash('md5', 'base64')" />
    <key name="secret3" script="secret3" converter="Hash('sha1','hex')" />
    <key name="secret4" script="secret4" converter="Hash('sha1', 'base64')" />
</generate>

Recap

  1. Review the demo Basic Masking from the Demo Store.
  2. Build a baseline anonymization model in Database View using Create Anonymize.
  3. Refine masking behavior in 2_generate and related models (3-1-anon-person-constant, 3-2-anon-person-hash.xml).